Class SSLHostConfig

java.lang.Object
org.apache.tomcat.util.net.SSLHostConfig
All Implemented Interfaces:
Serializable

public class SSLHostConfig extends Object implements Serializable
Represents the TLS configuration for a virtual host.
See Also:
  • Field Details

  • Constructor Details

    • SSLHostConfig

      public SSLHostConfig()
  • Method Details

    • isTls13RenegotiationAvailable

      public boolean isTls13RenegotiationAvailable()
    • setTls13RenegotiationAvailable

      public void setTls13RenegotiationAvailable(boolean tls13RenegotiationAvailable)
    • getOpenSslConfContext

      public Long getOpenSslConfContext()
    • setOpenSslConfContext

      public void setOpenSslConfContext(Long openSslConfContext)
    • getOpenSslContext

      public Long getOpenSslContext()
    • setOpenSslContext

      public void setOpenSslContext(Long openSslContext)
    • getConfigType

      public String getConfigType()
    • getEnabledProtocols

      public String[] getEnabledProtocols()
      Returns:
      The protocols enabled for this TLS virtual host
      See Also:
    • setEnabledProtocols

      public void setEnabledProtocols(String[] enabledProtocols)
    • getEnabledCiphers

      public String[] getEnabledCiphers()
      Returns:
      The ciphers enabled for this TLS virtual host
      See Also:
    • setEnabledCiphers

      public void setEnabledCiphers(String[] enabledCiphers)
    • getObjectName

      public ObjectName getObjectName()
    • setObjectName

      public void setObjectName(ObjectName oname)
    • addCertificate

      public void addCertificate(SSLHostConfigCertificate certificate)
    • getOpenSslConf

      public OpenSSLConf getOpenSslConf()
    • setOpenSslConf

      public void setOpenSslConf(OpenSSLConf conf)
    • getCertificates

      public Set<SSLHostConfigCertificate> getCertificates()
    • getCertificates

      public Set<SSLHostConfigCertificate> getCertificates(boolean createDefaultIfEmpty)
    • setCertificateRevocationListFile

      public void setCertificateRevocationListFile(String certificateRevocationListFile)
    • getCertificateRevocationListFile

      public String getCertificateRevocationListFile()
    • setCertificateVerification

      public void setCertificateVerification(String certificateVerification)
    • getCertificateVerification

      public SSLHostConfig.CertificateVerification getCertificateVerification()
    • setCertificateVerificationAsString

      public void setCertificateVerificationAsString(String certificateVerification)
    • getCertificateVerificationAsString

      public String getCertificateVerificationAsString()
    • setCertificateVerificationDepth

      public void setCertificateVerificationDepth(int certificateVerificationDepth)
    • getCertificateVerificationDepth

      public int getCertificateVerificationDepth()
    • isCertificateVerificationDepthConfigured

      public boolean isCertificateVerificationDepthConfigured()
    • setCiphers

      public void setCiphers(String ciphersList)
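      Sets the cipher configuration used for TLSv1.2 and below. TLSv1.3 cipher suites are configured separately through setCipherSuites(String), so restricting the ciphers here does not restrict what is offered for TLSv1.3. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format.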
      Parameters:
      ciphersList - The new cipher configuration in OpenSSL or JSSE format
    • getCiphers

      public String getCiphers()
      Returns:
      An OpenSSL cipher string for the current configuration.
    • getCipherList

      public LinkedHashSet<Cipher> getCipherList()
    • getJsseCipherNames

      public List<String> getJsseCipherNames()
      Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list. TLS 1.3 ciphers will be first in the list.
      Returns:
      A list of the JSSE cipher names
    • setCipherSuites

      public void setCipherSuites(String cipherSuites)
      Sets the cipher suite configuration used for TLSv1.3. Ciphers for TLSv1.2 and below are configured separately through setCiphers(String).
      Parameters:
      cipherSuites - The cipher suites to use, as a colon-separated list in order of preference
    • getCipherSuites

      public String getCipherSuites()
      Obtain the current cipher suite (TLSv1.3) configuration.
      Returns:
      An OpenSSL cipher suite string for the current configuration.
    • setHonorCipherOrder

      public void setHonorCipherOrder(boolean honorCipherOrder)
    • getHonorCipherOrder

      public boolean getHonorCipherOrder()
    • setHostName

      public void setHostName(String hostName)
    • getHostName

      public String getHostName()
      Returns:
      The host name associated with this SSL configuration - always in lower case.
    • getOcspEnabled

      public boolean getOcspEnabled()
    • setOcspEnabled

      public void setOcspEnabled(boolean ocspEnabled)
    • getOcspSoftFail

      public boolean getOcspSoftFail()
    • setOcspSoftFail

      public void setOcspSoftFail(boolean ocspSoftFail)
    • getOcspTimeout

      public int getOcspTimeout()
    • setOcspTimeout

      public void setOcspTimeout(int ocspTimeout)
    • getOcspVerifyFlags

      public int getOcspVerifyFlags()
    • setOcspVerifyFlags

      public void setOcspVerifyFlags(int ocspVerifyFlags)
    • setProtocols

      public void setProtocols(String input)
    • getProtocols

      public Set<String> getProtocols()
    • setSessionCacheSize

      public void setSessionCacheSize(int sessionCacheSize)
    • getSessionCacheSize

      public int getSessionCacheSize()
    • setSessionTimeout

      public void setSessionTimeout(int sessionTimeout)
    • getSessionTimeout

      public int getSessionTimeout()
    • getGroups

      public String getGroups()
      Returns:
      the configured named groups
    • setGroups

      public void setGroups(String groups)
      Set the enabled named groups.
      Parameters:
      groups - the comma-separated list of group names; the names are case-sensitive
    • getGroupList

      public LinkedHashSet<Group> getGroupList()
      Returns:
      the named groups, as an insertion-ordered set of Group values
    • setKeyManagerAlgorithm

      public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
    • getKeyManagerAlgorithm

      public String getKeyManagerAlgorithm()
    • setRevocationEnabled

      public void setRevocationEnabled(boolean revocationEnabled)
    • getRevocationEnabled

      public boolean getRevocationEnabled()
    • setSslProtocol

      public void setSslProtocol(String sslProtocol)
    • getSslProtocol

      public String getSslProtocol()
    • setTrustManagerClassName

      public void setTrustManagerClassName(String trustManagerClassName)
    • getTrustManagerClassName

      public String getTrustManagerClassName()
    • setTruststoreAlgorithm

      public void setTruststoreAlgorithm(String truststoreAlgorithm)
    • getTruststoreAlgorithm

      public String getTruststoreAlgorithm()
    • setTruststoreFile

      public void setTruststoreFile(String truststoreFile)
    • getTruststoreFile

      public String getTruststoreFile()
    • setTruststorePassword

      public void setTruststorePassword(String truststorePassword)
    • getTruststorePassword

      public String getTruststorePassword()
    • setTruststoreProvider

      public void setTruststoreProvider(String truststoreProvider)
    • getTruststoreProvider

      public String getTruststoreProvider()
    • setTruststoreType

      public void setTruststoreType(String truststoreType)
    • getTruststoreType

      public String getTruststoreType()
    • setTrustStore

      public void setTrustStore(KeyStore truststore)
    • getTruststore

      public KeyStore getTruststore() throws IOException
      Throws:
      IOException
    • setCertificateRevocationListPath

      public void setCertificateRevocationListPath(String certificateRevocationListPath)
    • getCertificateRevocationListPath

      public String getCertificateRevocationListPath()
    • setCaCertificateFile

      public void setCaCertificateFile(String caCertificateFile)
    • getCaCertificateFile

      public String getCaCertificateFile()
    • setCaCertificatePath

      public void setCaCertificatePath(String caCertificatePath)
    • getCaCertificatePath

      public String getCaCertificatePath()
    • setDisableCompression

      public void setDisableCompression(boolean disableCompression)
    • getDisableCompression

      public boolean getDisableCompression()
    • setDisableSessionTickets

      public void setDisableSessionTickets(boolean disableSessionTickets)
    • getDisableSessionTickets

      public boolean getDisableSessionTickets()
    • setInsecureRenegotiation

      public void setInsecureRenegotiation(boolean insecureRenegotiation)
    • getInsecureRenegotiation

      public boolean getInsecureRenegotiation()
    • certificatesExpiringBefore

      public Set<X509Certificate> certificatesExpiringBefore(Date date)
    • adjustRelativePath

      public static String adjustRelativePath(String path) throws FileNotFoundException
      Throws:
      FileNotFoundException